Cybeats
Senior Security Researcher

Cybeats is looking for an experienced Security Researcher with offensive background red teamer, pentesting and malware research skills with familiarity of IoT/OT/ICS devices, strong understanding of embedded systems architecture, knowledge of ATT&CK framework, writing YARA rules and understanding responsible disclosure process.

Qualifications

  • Embedded Software Analysis and Pentesting 3 - 5 years

  • B.Sc/M.Sc in Computer Science / Electrical Engineering or equivalent experience

Responsibilities

  • Stay up-to-date with the latest software security vulnerabilities, protection mechanisms, and related compliance standards

  • Develop Python based scripts to automate day-to-day workflows and processes

  • Transform compliance regulations and standards into actionable tasks that can be easily integrated as product features

  • Perform POC for various types of vulnerabilities on test devices (Linux, Android, RTOS)

  • Develop multi-threaded and low-latency/low-footprint applications

  • Contribute to development of security controls and solutions for most recent vulnerabilities and attacks

Experience

  • 3 years  of experience in the field of cryptography and software security mechanisms

  • 5 years of experience in developing agent code running on an embedded device

  • 5 years of experience in C/C++ programming

  • 5 years of experience in Linux or other Unix-like operating systems

  • Understanding of GIT and CI/CD practices and tools

  • Strong verbal and written communication skills

Advantages

  • Experience in Application Security, knowledge of common vulnerabilities and best practices such as OWASP Top 10, SANS 25, ASVS, ATT&K

  • Familiarity with some security and privacy compliance standards/regulations such as ISO/IEC 62443, NIST 800-53, CSA CCM, PCI-DSS, GDPR, and HIPAA

  • Experience developing embedded security products

  • Experience developing anti-tampering functionality/TPM modules

  • Experience in Linux user-space, kernel driver/module development

  • Understanding of REST API communication

  • Experience with cryptographic functions and hashing algorithms

  • Understanding of TLS/PKI based data communication concepts

  • Experience with the following operating system (Linux, Android, QNX, RTOS)

  • Knowledge in assembly language (ARM/x86/MIPS/PPC)

  • Understanding SAST/DAST tools and embedded debugging techniques

  • Experience with C CERT coding practices great advantage

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.

Cybeats is an equal opportunity employer. We enthusiastically accept our responsibility to make employment decisions without regard to race, religious creed, color, age, sex, sexual orientation, national origin, ancestry, citizenship status, religion, marital status, disability, military service or veteran status, genetic information, medical condition including medical characteristics, or any other classification protected by applicable federal, state, and local laws and ordinances. Our management is dedicated to ensuring the fulfillment of this policy with respect to hiring, placement, promotion, transfer, demotion, layoff, termination, recruitment advertising, pay, and other forms of compensation, training, and general treatment during employment.

We will only review applications submitted though the form on our Careers page.